PowerWare Ransomware Abuses PowerShell, Office Macros

A new fileless ransomware family has been discovered, which abuses Windows’ PowerShell for nefarious activities, a novel approach to ransomware, Carbon Black researchers warn.

Dubbed PowerWare, this piece of malware is being delivered via a more traditional method, namely macro-enabled Microsoft Word documents, but it no longer writes malicious files to disk, as most ransomware does. Instead, it calls for PowerShell, a core utility of current Windows systems, to perform malicious operations, thus attempting to blend in with more legitimate computer activity. Read More